🕵️ ServerSpy
Full-stack server fingerprinting tool for bug bounty hunters and penetration testers.
Automatically detects server technology, IP info, CDN, WAF, SSL/TLS, open ports, and more — using 10 recon modules in a single lightweight Bash script.
📸 Preview
```
┌──────────────────────────────────────────────────┐
│ 🕵️ ServerSpy v1.0 — masaudsec.com │
│ Full Server Fingerprinting Tool │
└──────────────────────────────────────────────────┘
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📡 DNS Resolution
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[+] IPv4 Address(es): 93.184.216.34
[+] CNAME: example.com.edgekey.net.
[+] Nameservers: ns1.example.com
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🌐 HTTP Headers Analysis
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[+] Server: nginx/1.18.0
[+] CDN Detected: Cloudflare
[+] WAF Detected: Cloudflare WAF
[✓] HSTS
[✗] CSP Missing
```
🔍 What It Does
ServerSpy runs 10 recon modules automatically on any target:
| # | Module | Tools Used | What It Finds |
|---|--------|-----------|---------------|
| 1 | DNS Resolution | dig | IPv4, IPv6, CNAME, MX, NS, TXT, PTR (rDNS) |
| 2 | WHOIS & ASN | whois, ipinfo.io | Registrar, ISP, ASN, location, org |
| 3 | HTTP Headers | curl | Server, CDN, WAF, security headers, cookies |
| 4 | Tech Stack | whatweb | CMS, framework, languages, libraries |
| 5 | SSL/TLS Certificate | openssl | CA, SANs, TLS version, validity |
| 6 | Port Scan | nmap | Open web ports + service versions |
| 7 | Passive Intel | HackerTarget, crt.sh | Reverse IP hosts, subdomains |
| 8 | Traceroute | traceroute | Network path, hops |
| 9 | Robots & Sitemap | curl | Disallowed paths, sitemap |
| 10 | Auto-Install | apt/pacman/brew | Missing tools auto-installed |
⚡ Quick Start
```bash
# Clone
git clone https://github.com/masaudsec/serverspy.git
cd serverspy
# Make executable
chmod +x serverspy.sh
# Single target
./serverspy.sh example.com
# With protocol (auto-stripped)
./serverspy.sh https://example.com
# List of targets
./serverspy.sh -l targets.txt
```
📦 Installation
Kali Linux / Ubuntu / Debian
```bash
git clone https://github.com/masaudsec/serverspy.git
cd serverspy
chmod +x serverspy.sh
./serverspy.sh example.com # auto-installs missing tools on first run
```
macOS
```bash
# Install Homebrew tools first
brew install nmap whatweb curl wget
git clone https://github.com/masaudsec/serverspy.git
cd serverspy
chmod +x serverspy.sh
./serverspy.sh example.com
```
Dependencies
ServerSpy auto-installs missing dependencies using apt, pacman, or brew. You can also install manually:
```bash
# Debian/Ubuntu/Kali
sudo apt install -y curl wget dnsutils whois nmap whatweb traceroute openssl
# Arch/Manjaro
sudo pacman -S curl wget bind whois nmap whatweb traceroute openssl
# macOS
brew install curl wget nmap whatweb
```
🎯 Usage
```bash
# Single domain
./serverspy.sh target.com
# Single domain with protocol
./serverspy.sh https://target.com
# Bulk scan from list
./serverspy.sh -l domains.txt
# Help
./serverspy.sh --help
```
Output
Results are automatically saved to the `serverspy_results/` folder, one timestamped text file per target:

```
serverspy_results/
└── example.com_20260308_143022.txt
```
🔎 Detection Capabilities
CDN Detection
- Cloudflare
- AWS CloudFront
- Fastly
- Akamai
- Netlify
- Vercel
- GitHub Pages
- Sucuri
- Imperva
WAF Detection
- Cloudflare WAF
- Sucuri WAF
- ModSecurity
- Fortinet WAF
- Akamai WAF
Security Headers Audit
- HSTS (HTTP Strict Transport Security)
- CSP (Content Security Policy)
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
Cookie Security Flags
- HttpOnly
- Secure
- SameSite
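
The security header and cookie flag checks listed above can be reproduced on a saved response with a few lines of portable shell. This is an added example, not ServerSpy's own code; the function names `audit_headers` and `audit_cookies` and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example, not ServerSpy's own code. Both functions read a raw HTTP
# response header block on stdin, e.g. the output of `curl -sI`.

# Constructed sample headers, embedded so the example runs offline.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: nginx/1.18.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Set-Cookie: session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax
Set-Cookie: prefs=dark; Path=/; secure
'

# Print "present <name>" or "missing <name>" for each of the six audited headers.
# Header names are case-insensitive, so everything is compared in lower case.
# Anchoring on "name:" keeps Content-Security-Policy-Report-Only from counting as CSP.
audit_headers() {
  headers=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
  for hdr in strict-transport-security content-security-policy x-frame-options \
             x-content-type-options referrer-policy permissions-policy; do
    if printf '%s\n' "$headers" | grep -q "^${hdr}:"; then
      echo "present ${hdr}"
    else
      echo "missing ${hdr}"
    fi
  done
}

# Print "<cookie>: ok" or "<cookie>: missing <flags>" for every Set-Cookie line.
audit_cookies() {
  tr -d '\r' | grep -i '^set-cookie:' | while IFS= read -r line; do
    value=${line#*:}
    value=${value#"${value%%[! ]*}"}   # trim leading spaces
    name=${value%%=*}
    # Normalise to ";name=value;attr;attr;" so each flag matches as a whole token.
    attrs=";$(printf '%s' "$value" | tr -d ' ' | tr '[:upper:]' '[:lower:]');"
    missing=""
    case $attrs in *";httponly;"*) ;; *) missing="$missing HttpOnly" ;; esac
    case $attrs in *";secure;"*)   ;; *) missing="$missing Secure" ;; esac
    case $attrs in *";samesite="*) ;; *) missing="$missing SameSite" ;; esac
    if [ -z "$missing" ]; then echo "${name}: ok"; else echo "${name}: missing${missing}"; fi
  done
}

printf '%s' "$SAMPLE_HEADERS" | audit_headers
printf '%s' "$SAMPLE_HEADERS" | audit_cookies
```

To check a site you operate, pipe the output of `curl -sI` into either function instead of the sample.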
📋 Example Output
```
╔══════════════════════════════════════════════════╗
║ 🎯 Target: netflix.com
╚══════════════════════════════════════════════════╝
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
📡 DNS Resolution
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[+] IPv4 Address(es): 54.74.73.0
[+] CNAME: ipv4_1.netflix.com.
[+] Nameservers: ns1.p47.dynect.net.
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🏢 WHOIS & ASN Info
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[+] Registrar: MarkMonitor, Inc.
[+] ASN / ISP: AS2906 NETFLIX-ASN
[+] Location: Los Gatos, California, US
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
🌐 HTTP Headers Analysis
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
[+] Server: openresty
[+] Via (Proxy/CDN): 1.1 netflix.com (Envoy)
[✓] HSTS
[✓] CSP
[✓] X-Frame-Options
```
🛡️ Legal Disclaimer
ServerSpy is intended for authorized security testing and educational purposes only.
Always obtain explicit written permission before scanning any system you do not own. Unauthorized scanning may violate laws including the Computer Fraud and Abuse Act (CFAA) and similar legislation in your jurisdiction.
The author is not responsible for any misuse or damage caused by this tool.
👤 Author
Masaud Ahmad — @masaudsec
- 🌐 Website: masaudsec.com
- Bug bounty hunter & offensive security educator
- Building tools for the security community
📄 License
This project is licensed under the MIT License — see the LICENSE file for details.
🤝 Contributing
Pull requests are welcome. For major changes, please open an issue first.
- Fork the repo
- Create your feature branch (`git checkout -b feature/new-module`)
- Commit your changes (`git commit -m 'Add new module'`)
- Push to the branch (`git push origin feature/new-module`)
- Open a Pull Request
⭐ Support
If this tool helped you find bugs, please star the repo and share it with the community!
